Demonrex, posted 13 September 2008

Hi, recently an entire game folder deleted itself on its own O.o. I decided to check it out. I have Vista Home Premium 32-bit.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:27, on 2008-09-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:/oem/podziekowania/podziekowania.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:/oem/podziekowania/podziekowania.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:/oem/podziekowania/podziekowania.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CafeNews] C:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6278 bytes

Thanks in advance.

Guest, comment, 13 September 2008

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:/oem/podziekowania/podziekowania.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:/oem/podziekowania/podziekowania.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:/oem/podziekowania/podziekowania.html
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Fix the above-mentioned entries in Hijack: >> Hijack >> scan (Do a system scan only) >> select them >> Fix checked

Post a log from -----> ComboFix.

Demonrex (Author), comment, 13 September 2008

ComboFix log:

ComboFix 08-09-12.09 - oem 2008-09-13 15:54:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1224 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
 * Utworzono nowy punkt przywracania.

((((((((((((((((((((((((( Pliki utworzone od 2008-08-13 do 2008-09-13 )))))))))))))))))))))))))))))))
.
2008-09-13 11:12 . 2008-09-13 11:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-12 19:43 . 2008-09-12 19:45 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-12 19:43 . 2008-09-12 19:45 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-12 19:43 . 2008-09-12 19:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-12 19:42 . 2008-09-12 19:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-12 15:19 . 2008-09-12 15:19 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-12 15:19 . 2008-09-12 15:19 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-09-10 12:15 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 12:15 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 12:15 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 12:15 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 12:15 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 12:15 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 12:15 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 12:15 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 12:15 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 20:53 . 2008-09-08 20:53 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-07 18:21 . 2008-09-07 18:26 139,264 --a------ C:\Windows\War3Unin.exe
2008-09-07 18:21 . 2008-09-07 18:26 42,441 --a------ C:\Windows\War3Unin.dat
2008-09-07 18:21 . 2008-09-07 18:26 2,829 --a------ C:\Windows\War3Unin.pif
2008-09-06 11:15 . 2008-09-06 11:16 21,840 --a----t- C:\Windows\System32\SIntfNT.dll
2008-09-06 11:15 . 2008-09-06 11:16 17,212 --a----t- C:\Windows\System32\SIntf32.dll
2008-09-06 11:15 . 2008-09-06 11:16 12,067 --a----t- C:\Windows\System32\SIntf16.dll
2008-09-01 18:55 . 2008-09-12 15:39 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-09-01 18:50 . 2008-09-01 18:50 <DIR> d-------- C:\Users\oem\AppData\Roaming\DAEMON Tools
2008-08-26 20:12 . 2008-08-26 20:22 <DIR> d-------- C:\Users\oem\AppData\Roaming\Nowe Gadu-Gadu
2008-08-22 11:44 . 2008-08-22 11:44 <DIR> d-------- C:\Program Files\ChickenInvaders2Polish
2008-08-19 18:33 . 2008-08-19 18:35 <DIR> d-------- C:\Users\oem\AppData\Roaming\IDM
2008-08-19 18:33 . 2008-08-19 18:38 <DIR> d-------- C:\Users\oem\AppData\Roaming\DMCache
2008-08-19 18:33 . 2008-08-19 18:39 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-19 18:17 . 2008-08-22 11:44 <DIR> d-------- C:\Users\All Users\InterAction studios
2008-08-19 18:17 . 2008-08-22 11:44 <DIR> d-------- C:\ProgramData\InterAction studios
2008-08-19 18:15 . 2008-08-19 18:15 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-08-19 18:15 . 2008-08-21 21:21 <DIR> d-------- C:\Program Files\Chicken Invaders 3
2008-08-19 18:06 . 2008-08-19 18:06 <DIR> d-------- C:\Users\All Users\Trymedia
2008-08-19 18:06 . 2008-08-19 18:06 <DIR> d-------- C:\ProgramData\Trymedia
2008-08-16 16:20 . 2008-08-17 15:13 <DIR> d-------- C:\Users\oem\AppData\Roaming\SPORE Creature Creator
2008-08-16 16:19 . 2008-08-16 16:19 <DIR> d-------- C:\Program Files\Electronic Arts
2008-08-13 21:47 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 12:03 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 12:03 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 12:03 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 12:03 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 12:02 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 12:41 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-09-13 10:21 557,088 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-09-13 10:21 4,508,704 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-09-13 10:21 4,032 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-09-13 10:21 37,352 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-09-10 19:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-05 17:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 16:50 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-23 09:39 --------- d-----w C:\Users\oem\AppData\Roaming\Tibia
2008-08-22 09:44 --------- d-----w C:\Users\oem\AppData\Roaming\uTorrent
2008-08-13 19:45 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 18:48 --------- d-----w C:\Program Files\Tibia
2008-08-12 18:48 --------- d-----w C:\Program Files\Asprate
2008-08-12 12:58 --------- d-----w C:\ProgramData\Nero
2008-08-12 12:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-12 08:15 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-11 12:02 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-08-11 09:39 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-08-10 17:13 --------- d-----w C:\Users\oem\AppData\Roaming\NeroDCTemplates
2008-08-10 17:07 --------- d-----w C:\Users\oem\AppData\Roaming\Nero
2008-08-10 17:07 --------- d-----w C:\ProgramData\LightScribe
2008-08-10 17:03 --------- d-----w C:\Program Files\NeroInstall.bak
2008-08-10 17:00 --------- d-----w C:\Program Files\Nero
2008-08-10 13:16 86,016 ----a-w C:\Windows\System32\OpenAL32.dll
2008-08-10 13:16 262,144 ----a-w C:\Windows\System32\wrap_oal.dll
2008-08-08 18:03 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-08-08 17:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-07 11:28 --------- d-----w C:\Users\oem\AppData\Roaming\DAEMON Tools Pro
2008-08-07 11:28 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-08-06 19:50 --------- d-----w C:\Program Files\uTorrent
2008-08-06 19:40 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-06 19:40 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-08-06 19:33 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-08-06 19:33 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 19:30 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-08-06 19:17 --------- d-----w C:\ProgramData\F-Secure
2008-08-06 17:44 --------- d-----w C:\Users\oem\AppData\Roaming\F-Secure
2008-08-06 17:31 --------- d-----w C:\Program Files\MarBit
2008-08-06 12:39 --------- d-----w C:\Program Files\ATITool
2008-08-05 15:03 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-08-05 15:03 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-08-05 14:12 --------- d-----w C:\Users\oem\AppData\Roaming\Summer Athletics 2008
2008-08-05 10:12 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-04 20:34 --------- d-----w C:\Program Files\Windows Live
2008-08-04 18:46 --------- d-----w C:\Users\oem\AppData\Roaming\Gadu-Gadu
2008-08-04 18:40 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-04 18:17 16,608 ----a-w C:\Windows\gdrv.sys
2008-08-04 18:08 --------- d-----w C:\Program Files\Opera
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-22 08:05 --------- d-----w C:\Users\oem\AppData\Roaming\ATI
2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-08 08:49 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-08 08:47 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-04 03:37 421,888 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-07-04 03:37 331,776 ----a-w C:\Windows\System32\atipdlxx.dll
2008-07-04 03:37 266,240 ----a-w C:\Windows\System32\Oemdspif.dll
2008-07-04 03:37 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-07-04 03:36 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-07-04 03:36 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-07-04 03:35 692,224 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-07-04 03:27 1,626,624 ----a-w C:\Windows\System32\atidxx32.dll
2008-07-04 03:21 3,691,008 ----a-w C:\Windows\System32\atiumdag.dll
2008-07-04 03:03 4,427,264 ----a-w C:\Windows\System32\atiumdva.dll
2008-07-04 02:52 9,306,112 ----a-w C:\Windows\System32\atioglxx.dll
2008-07-04 02:50 50,688 ----a-w C:\Windows\System32\amdpcom32.dll
2008-07-04 02:50 42,496 ----a-w C:\Windows\System32\atiadlxx.dll
2008-06-27 09:42 6,295,552 ----a-w C:\Windows\RtHDVCpl.exe
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-25 11:49 1,826,816 ----a-w C:\Windows\SkyTel.exe
2008-06-18 15:47 33,792 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-06-13 15:21 721,408 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-06-25 C:\Windows\SkyTel.exe]

C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{69B0FC5A-A250-481B-9550-5616EE8467DF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B3A2BA2A-3399-4568-8ACA-3F09250E9557}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AE5E06AE-3447-428B-9F03-D839D13DAC26}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D8BF90E-6271-4B47-BFE6-F1B00D9699DF}"= UDP:D:\GameCenter\GameCenter.exe:GameCenter
"{B3B807D7-3737-4347-8CA3-A79E73633552}"= TCP:D:\GameCenter\GameCenter.exe:GameCenter
"{43315FAF-F607-4F4B-B66E-1E247D5C722C}"= UDP:D:\Loki\Loki.exe:Loki
"{2F28FFD4-EFA7-4F26-8931-225E55727B37}"= TCP:D:\Loki\Loki.exe:Loki
"{1E77F19C-5FB9-4A48-9D28-4D1CAF2A5302}"= UDP:D:\Loki\Autorun\Autorun.exe:Loki - AutoRun
"{703F2DFC-D03D-49AB-A97F-BB0C219BA872}"= TCP:D:\Loki\Autorun\Autorun.exe:Loki - AutoRun
"TCP Query User{A1BDBA41-3146-4B15-BC64-A0714DDFF3C3}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{3953C6F3-F266-4D88-BCB2-74D6EF2083B3}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"{29E9287B-8075-44B8-A595-C29D62DA3C9B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{ED9F8A29-56F7-4472-BF50-F4CB7414F509}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{E58F9434-CD5F-451E-BB72-5EFA8A7EC7E2}"= UDP:D:\BF 2\BF2.exe:Battlefield 2
"{0E0D58FE-8589-4EF2-BDC0-47E8D413A04B}"= TCP:D:\BF 2\BF2.exe:Battlefield 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-04 3847168]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f8fd249-7846-11dd-9d36-001d7d77753b}]
\shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-LightScribe Control Panel - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
HKLM-Run-CafeNews - C:\Program Files\CafeNews\CN.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.
------- Skan uzupełniający -------
.
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 15:57:30
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-13 15:58:56
ComboFix-quarantined-files.txt 2008-09-13 13:58:52

Przed: 46,253,928,448 bajt˘w wolnych
Po: 46,907,305,984 bajt˘w wolnych

214 --- E O F --- 2008-09-12 10:05:57

Mateusz J., comment, 13 September 2008

The log is clean. Delete C:\QooBox if such a folder was created. Scan the computer with an online scanner (Kaspersky).

Demonrex (Author), comment, 13 September 2008

I scanned it. Clean. Any other ideas?

Mateusz J., comment, 13 September 2008

"Any other ideas?"

It's not the fault of viruses. The only thing that comes to my mind is that someone deleted it by accident. Did you do a system restore?

Demonrex (Author), comment, 14 September 2008

I'm not concerned about restoring the game. I was worried that my computer was infested, that's all. Thank you all for your help. I'm rewarding it with a plus.